ManagedGrafana

Client

class ManagedGrafana.Client

A low-level client representing Amazon Managed Grafana

Amazon Managed Grafana is a fully managed and secure data visualization service that you can use to instantly query, correlate, and visualize operational metrics, logs, and traces from multiple sources. Amazon Managed Grafana makes it easy to deploy, operate, and scale Grafana, a widely deployed data visualization tool that is popular for its extensible data support.

With Amazon Managed Grafana, you create logically isolated Grafana servers called workspaces . In a workspace, you can create Grafana dashboards and visualizations to analyze your metrics, logs, and traces without having to build, package, or deploy any hardware to run Grafana servers.

client = session.create_client('grafana')

These are the available methods:

associate_license(**kwargs)

Assigns a Grafana Enterprise license to a workspace. Upgrading to Grafana Enterprise incurs additional fees. For more information, see Upgrade a workspace to Grafana Enterprise .

See also: AWS API Documentation

Request Syntax

response = client.associate_license(
    licenseType='ENTERPRISE'|'ENTERPRISE_FREE_TRIAL',
    workspaceId='string'
)
Parameters
  • licenseType (string) --

    [REQUIRED]

    The type of license to associate with the workspace.

  • workspaceId (string) --

    [REQUIRED]

    The ID of the workspace to associate the license with.

Return type

dict

Returns

Response Syntax

{
    'workspace': {
        'accountAccessType': 'CURRENT_ACCOUNT'|'ORGANIZATION',
        'authentication': {
            'providers': [
                'AWS_SSO'|'SAML',
            ],
            'samlConfigurationStatus': 'CONFIGURED'|'NOT_CONFIGURED'
        },
        'created': datetime(2015, 1, 1),
        'dataSources': [
            'AMAZON_OPENSEARCH_SERVICE'|'CLOUDWATCH'|'PROMETHEUS'|'XRAY'|'TIMESTREAM'|'SITEWISE',
        ],
        'description': 'string',
        'endpoint': 'string',
        'freeTrialConsumed': True|False,
        'freeTrialExpiration': datetime(2015, 1, 1),
        'grafanaVersion': 'string',
        'id': 'string',
        'licenseExpiration': datetime(2015, 1, 1),
        'licenseType': 'ENTERPRISE'|'ENTERPRISE_FREE_TRIAL',
        'modified': datetime(2015, 1, 1),
        'name': 'string',
        'notificationDestinations': [
            'SNS',
        ],
        'organizationRoleName': 'string',
        'organizationalUnits': [
            'string',
        ],
        'permissionType': 'CUSTOMER_MANAGED'|'SERVICE_MANAGED',
        'stackSetName': 'string',
        'status': 'ACTIVE'|'CREATING'|'DELETING'|'FAILED'|'UPDATING'|'UPGRADING'|'DELETION_FAILED'|'CREATION_FAILED'|'UPDATE_FAILED'|'UPGRADE_FAILED'|'LICENSE_REMOVAL_FAILED',
        'workspaceRoleArn': 'string'
    }
}

Response Structure

  • (dict) --

    • workspace (dict) --

      A structure containing data about the workspace.

      • accountAccessType (string) --

        Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If this is ORGANIZATION , the workspaceOrganizationalUnits parameter specifies which organizational units the workspace can access.

      • authentication (dict) --

        A structure that describes whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

        • providers (list) --

          Specifies whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

          • (string) --
        • samlConfigurationStatus (string) --

          Specifies whether the workplace's user authentication method is fully configured.

      • created (datetime) --

        The date that the workspace was created.

      • dataSources (list) --

        Specifies the Amazon Web Services data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.

        • (string) --
      • description (string) --

        The user-defined description of the workspace.

      • endpoint (string) --

        The URL that users can use to access the Grafana console in the workspace.

      • freeTrialConsumed (boolean) --

        Specifies whether this workspace has already fully used its free trial for Grafana Enterprise.

      • freeTrialExpiration (datetime) --

        If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies when that free trial ends.

      • grafanaVersion (string) --

        The version of Grafana supported in this workspace.

      • id (string) --

        The unique ID of this workspace.

      • licenseExpiration (datetime) --

        If this workspace has a full Grafana Enterprise license, this specifies when the license ends and will need to be renewed.

      • licenseType (string) --

        Specifies whether this workspace has a full Grafana Enterprise license or a free trial license.

      • modified (datetime) --

        The most recent date that the workspace was modified.

      • name (string) --

        The name of the workspace.

      • notificationDestinations (list) --

        The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels.

        • (string) --
      • organizationRoleName (string) --

        The name of the IAM role that is used to access resources through Organizations.

      • organizationalUnits (list) --

        Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

        • (string) --
      • permissionType (string) --

        If this is Service Managed , Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.

        If this is CUSTOMER_MANAGED , you manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED .

        For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels

      • stackSetName (string) --

        The name of the CloudFormation stack set that is used to generate IAM roles to be used for this workspace.

      • status (string) --

        The current status of the workspace.

      • workspaceRoleArn (string) --

        The IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. This role must already exist.

Exceptions

can_paginate(operation_name)

Check if an operation can be paginated.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Returns
True if the operation can be paginated, False otherwise.
create_workspace(**kwargs)

Creates a workspace . In a workspace, you can create Grafana dashboards and visualizations to analyze your metrics, logs, and traces. You don't have to build, package, or deploy any hardware to run the Grafana server.

Don't use CreateWorkspace to modify an existing workspace. Instead, use UpdateWorkspace .

See also: AWS API Documentation

Request Syntax

response = client.create_workspace(
    accountAccessType='CURRENT_ACCOUNT'|'ORGANIZATION',
    authenticationProviders=[
        'AWS_SSO'|'SAML',
    ],
    clientToken='string',
    organizationRoleName='string',
    permissionType='CUSTOMER_MANAGED'|'SERVICE_MANAGED',
    stackSetName='string',
    workspaceDataSources=[
        'AMAZON_OPENSEARCH_SERVICE'|'CLOUDWATCH'|'PROMETHEUS'|'XRAY'|'TIMESTREAM'|'SITEWISE',
    ],
    workspaceDescription='string',
    workspaceName='string',
    workspaceNotificationDestinations=[
        'SNS',
    ],
    workspaceOrganizationalUnits=[
        'string',
    ],
    workspaceRoleArn='string'
)
Parameters
  • accountAccessType (string) --

    [REQUIRED]

    Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If you specify ORGANIZATION , you must specify which organizational units the workspace can access in the workspaceOrganizationalUnits parameter.

  • authenticationProviders (list) --

    [REQUIRED]

    Specifies whether this workspace uses SAML 2.0, Amazon Web Services Single Sign On, or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana .

    • (string) --
  • clientToken (string) --

    A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.

    This field is autopopulated if not provided.

  • organizationRoleName (string) -- The name of an IAM role that already exists to use with Organizations to access Amazon Web Services data sources and notification channels in other accounts in an organization.
  • permissionType (string) --

    [REQUIRED]

    If you specify Service Managed , Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.

    If you specify CUSTOMER_MANAGED , you will manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization that is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED .

    For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels

  • stackSetName (string) -- The name of the CloudFormation stack set to use to generate IAM roles to be used for this workspace.
  • workspaceDataSources (list) --

    Specify the Amazon Web Services data sources that you want to be queried in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these sources. You must still add them as data sources in the Grafana console in the workspace.

    If you don't specify a data source here, you can still add it as a data source in the workspace console later. However, you will then have to manually configure permissions for it.

    • (string) --
  • workspaceDescription (string) -- A description for the workspace. This is used only to help you identify this workspace.
  • workspaceName (string) -- The name for the workspace. It does not have to be unique.
  • workspaceNotificationDestinations (list) --

    Specify the Amazon Web Services notification channels that you plan to use in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to use these channels.

    • (string) --
  • workspaceOrganizationalUnits (list) --

    Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

    • (string) --
  • workspaceRoleArn (string) -- The workspace needs an IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. If you already have a role that you want to use, specify it here. If you omit this field and you specify some Amazon Web Services resources in workspaceDataSources or workspaceNotificationDestinations , a new IAM role with the necessary permissions is automatically created.
Return type

dict

Returns

Response Syntax

{
    'workspace': {
        'accountAccessType': 'CURRENT_ACCOUNT'|'ORGANIZATION',
        'authentication': {
            'providers': [
                'AWS_SSO'|'SAML',
            ],
            'samlConfigurationStatus': 'CONFIGURED'|'NOT_CONFIGURED'
        },
        'created': datetime(2015, 1, 1),
        'dataSources': [
            'AMAZON_OPENSEARCH_SERVICE'|'CLOUDWATCH'|'PROMETHEUS'|'XRAY'|'TIMESTREAM'|'SITEWISE',
        ],
        'description': 'string',
        'endpoint': 'string',
        'freeTrialConsumed': True|False,
        'freeTrialExpiration': datetime(2015, 1, 1),
        'grafanaVersion': 'string',
        'id': 'string',
        'licenseExpiration': datetime(2015, 1, 1),
        'licenseType': 'ENTERPRISE'|'ENTERPRISE_FREE_TRIAL',
        'modified': datetime(2015, 1, 1),
        'name': 'string',
        'notificationDestinations': [
            'SNS',
        ],
        'organizationRoleName': 'string',
        'organizationalUnits': [
            'string',
        ],
        'permissionType': 'CUSTOMER_MANAGED'|'SERVICE_MANAGED',
        'stackSetName': 'string',
        'status': 'ACTIVE'|'CREATING'|'DELETING'|'FAILED'|'UPDATING'|'UPGRADING'|'DELETION_FAILED'|'CREATION_FAILED'|'UPDATE_FAILED'|'UPGRADE_FAILED'|'LICENSE_REMOVAL_FAILED',
        'workspaceRoleArn': 'string'
    }
}

Response Structure

  • (dict) --

    • workspace (dict) --

      A structure containing data about the workspace that was created.

      • accountAccessType (string) --

        Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If this is ORGANIZATION , the workspaceOrganizationalUnits parameter specifies which organizational units the workspace can access.

      • authentication (dict) --

        A structure that describes whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

        • providers (list) --

          Specifies whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

          • (string) --
        • samlConfigurationStatus (string) --

          Specifies whether the workplace's user authentication method is fully configured.

      • created (datetime) --

        The date that the workspace was created.

      • dataSources (list) --

        Specifies the Amazon Web Services data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.

        • (string) --
      • description (string) --

        The user-defined description of the workspace.

      • endpoint (string) --

        The URL that users can use to access the Grafana console in the workspace.

      • freeTrialConsumed (boolean) --

        Specifies whether this workspace has already fully used its free trial for Grafana Enterprise.

      • freeTrialExpiration (datetime) --

        If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies when that free trial ends.

      • grafanaVersion (string) --

        The version of Grafana supported in this workspace.

      • id (string) --

        The unique ID of this workspace.

      • licenseExpiration (datetime) --

        If this workspace has a full Grafana Enterprise license, this specifies when the license ends and will need to be renewed.

      • licenseType (string) --

        Specifies whether this workspace has a full Grafana Enterprise license or a free trial license.

      • modified (datetime) --

        The most recent date that the workspace was modified.

      • name (string) --

        The name of the workspace.

      • notificationDestinations (list) --

        The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels.

        • (string) --
      • organizationRoleName (string) --

        The name of the IAM role that is used to access resources through Organizations.

      • organizationalUnits (list) --

        Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

        • (string) --
      • permissionType (string) --

        If this is Service Managed , Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.

        If this is CUSTOMER_MANAGED , you manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED .

        For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels

      • stackSetName (string) --

        The name of the CloudFormation stack set that is used to generate IAM roles to be used for this workspace.

      • status (string) --

        The current status of the workspace.

      • workspaceRoleArn (string) --

        The IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. This role must already exist.

Exceptions

delete_workspace(**kwargs)

Deletes an Amazon Managed Grafana workspace.

See also: AWS API Documentation

Request Syntax

response = client.delete_workspace(
    workspaceId='string'
)
Parameters
workspaceId (string) --

[REQUIRED]

The ID of the workspace to delete.

Return type
dict
Returns
Response Syntax
{
    'workspace': {
        'accountAccessType': 'CURRENT_ACCOUNT'|'ORGANIZATION',
        'authentication': {
            'providers': [
                'AWS_SSO'|'SAML',
            ],
            'samlConfigurationStatus': 'CONFIGURED'|'NOT_CONFIGURED'
        },
        'created': datetime(2015, 1, 1),
        'dataSources': [
            'AMAZON_OPENSEARCH_SERVICE'|'CLOUDWATCH'|'PROMETHEUS'|'XRAY'|'TIMESTREAM'|'SITEWISE',
        ],
        'description': 'string',
        'endpoint': 'string',
        'freeTrialConsumed': True|False,
        'freeTrialExpiration': datetime(2015, 1, 1),
        'grafanaVersion': 'string',
        'id': 'string',
        'licenseExpiration': datetime(2015, 1, 1),
        'licenseType': 'ENTERPRISE'|'ENTERPRISE_FREE_TRIAL',
        'modified': datetime(2015, 1, 1),
        'name': 'string',
        'notificationDestinations': [
            'SNS',
        ],
        'organizationRoleName': 'string',
        'organizationalUnits': [
            'string',
        ],
        'permissionType': 'CUSTOMER_MANAGED'|'SERVICE_MANAGED',
        'stackSetName': 'string',
        'status': 'ACTIVE'|'CREATING'|'DELETING'|'FAILED'|'UPDATING'|'UPGRADING'|'DELETION_FAILED'|'CREATION_FAILED'|'UPDATE_FAILED'|'UPGRADE_FAILED'|'LICENSE_REMOVAL_FAILED',
        'workspaceRoleArn': 'string'
    }
}

Response Structure

  • (dict) --
    • workspace (dict) --

      A structure containing information about the workspace that was deleted.

      • accountAccessType (string) --

        Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If this is ORGANIZATION , the workspaceOrganizationalUnits parameter specifies which organizational units the workspace can access.

      • authentication (dict) --

        A structure that describes whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

        • providers (list) --

          Specifies whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

          • (string) --
        • samlConfigurationStatus (string) --

          Specifies whether the workplace's user authentication method is fully configured.

      • created (datetime) --

        The date that the workspace was created.

      • dataSources (list) --

        Specifies the Amazon Web Services data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.

        • (string) --
      • description (string) --

        The user-defined description of the workspace.

      • endpoint (string) --

        The URL that users can use to access the Grafana console in the workspace.

      • freeTrialConsumed (boolean) --

        Specifies whether this workspace has already fully used its free trial for Grafana Enterprise.

      • freeTrialExpiration (datetime) --

        If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies when that free trial ends.

      • grafanaVersion (string) --

        The version of Grafana supported in this workspace.

      • id (string) --

        The unique ID of this workspace.

      • licenseExpiration (datetime) --

        If this workspace has a full Grafana Enterprise license, this specifies when the license ends and will need to be renewed.

      • licenseType (string) --

        Specifies whether this workspace has a full Grafana Enterprise license or a free trial license.

      • modified (datetime) --

        The most recent date that the workspace was modified.

      • name (string) --

        The name of the workspace.

      • notificationDestinations (list) --

        The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels.

        • (string) --
      • organizationRoleName (string) --

        The name of the IAM role that is used to access resources through Organizations.

      • organizationalUnits (list) --

        Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

        • (string) --
      • permissionType (string) --

        If this is Service Managed , Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.

        If this is CUSTOMER_MANAGED , you manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED .

        For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels

      • stackSetName (string) --

        The name of the CloudFormation stack set that is used to generate IAM roles to be used for this workspace.

      • status (string) --

        The current status of the workspace.

      • workspaceRoleArn (string) --

        The IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. This role must already exist.

Exceptions

describe_workspace(**kwargs)

Displays information about one Amazon Managed Grafana workspace.

See also: AWS API Documentation

Request Syntax

response = client.describe_workspace(
    workspaceId='string'
)
Parameters
workspaceId (string) --

[REQUIRED]

The ID of the workspace to display information about.

Return type
dict
Returns
Response Syntax
{
    'workspace': {
        'accountAccessType': 'CURRENT_ACCOUNT'|'ORGANIZATION',
        'authentication': {
            'providers': [
                'AWS_SSO'|'SAML',
            ],
            'samlConfigurationStatus': 'CONFIGURED'|'NOT_CONFIGURED'
        },
        'created': datetime(2015, 1, 1),
        'dataSources': [
            'AMAZON_OPENSEARCH_SERVICE'|'CLOUDWATCH'|'PROMETHEUS'|'XRAY'|'TIMESTREAM'|'SITEWISE',
        ],
        'description': 'string',
        'endpoint': 'string',
        'freeTrialConsumed': True|False,
        'freeTrialExpiration': datetime(2015, 1, 1),
        'grafanaVersion': 'string',
        'id': 'string',
        'licenseExpiration': datetime(2015, 1, 1),
        'licenseType': 'ENTERPRISE'|'ENTERPRISE_FREE_TRIAL',
        'modified': datetime(2015, 1, 1),
        'name': 'string',
        'notificationDestinations': [
            'SNS',
        ],
        'organizationRoleName': 'string',
        'organizationalUnits': [
            'string',
        ],
        'permissionType': 'CUSTOMER_MANAGED'|'SERVICE_MANAGED',
        'stackSetName': 'string',
        'status': 'ACTIVE'|'CREATING'|'DELETING'|'FAILED'|'UPDATING'|'UPGRADING'|'DELETION_FAILED'|'CREATION_FAILED'|'UPDATE_FAILED'|'UPGRADE_FAILED'|'LICENSE_REMOVAL_FAILED',
        'workspaceRoleArn': 'string'
    }
}

Response Structure

  • (dict) --
    • workspace (dict) --

      A structure containing information about the workspace.

      • accountAccessType (string) --

        Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If this is ORGANIZATION , the workspaceOrganizationalUnits parameter specifies which organizational units the workspace can access.

      • authentication (dict) --

        A structure that describes whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

        • providers (list) --

          Specifies whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

          • (string) --
        • samlConfigurationStatus (string) --

          Specifies whether the workplace's user authentication method is fully configured.

      • created (datetime) --

        The date that the workspace was created.

      • dataSources (list) --

        Specifies the Amazon Web Services data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.

        • (string) --
      • description (string) --

        The user-defined description of the workspace.

      • endpoint (string) --

        The URL that users can use to access the Grafana console in the workspace.

      • freeTrialConsumed (boolean) --

        Specifies whether this workspace has already fully used its free trial for Grafana Enterprise.

      • freeTrialExpiration (datetime) --

        If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies when that free trial ends.

      • grafanaVersion (string) --

        The version of Grafana supported in this workspace.

      • id (string) --

        The unique ID of this workspace.

      • licenseExpiration (datetime) --

        If this workspace has a full Grafana Enterprise license, this specifies when the license ends and will need to be renewed.

      • licenseType (string) --

        Specifies whether this workspace has a full Grafana Enterprise license or a free trial license.

      • modified (datetime) --

        The most recent date that the workspace was modified.

      • name (string) --

        The name of the workspace.

      • notificationDestinations (list) --

        The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels.

        • (string) --
      • organizationRoleName (string) --

        The name of the IAM role that is used to access resources through Organizations.

      • organizationalUnits (list) --

        Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

        • (string) --
      • permissionType (string) --

        If this is Service Managed , Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.

        If this is CUSTOMER_MANAGED , you manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED .

        For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels

      • stackSetName (string) --

        The name of the CloudFormation stack set that is used to generate IAM roles to be used for this workspace.

      • status (string) --

        The current status of the workspace.

      • workspaceRoleArn (string) --

        The IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. This role must already exist.

Exceptions

describe_workspace_authentication(**kwargs)

Displays information about the authentication methods used in one Amazon Managed Grafana workspace.

See also: AWS API Documentation

Request Syntax

response = client.describe_workspace_authentication(
    workspaceId='string'
)
Parameters
workspaceId (string) --

[REQUIRED]

The ID of the workspace to return authentication information about.

Return type
dict
Returns
Response Syntax
{
    'authentication': {
        'awsSso': {
            'ssoClientId': 'string'
        },
        'providers': [
            'AWS_SSO'|'SAML',
        ],
        'saml': {
            'configuration': {
                'allowedOrganizations': [
                    'string',
                ],
                'assertionAttributes': {
                    'email': 'string',
                    'groups': 'string',
                    'login': 'string',
                    'name': 'string',
                    'org': 'string',
                    'role': 'string'
                },
                'idpMetadata': {
                    'url': 'string',
                    'xml': 'string'
                },
                'loginValidityDuration': 123,
                'roleValues': {
                    'admin': [
                        'string',
                    ],
                    'editor': [
                        'string',
                    ]
                }
            },
            'status': 'CONFIGURED'|'NOT_CONFIGURED'
        }
    }
}

Response Structure

  • (dict) --
    • authentication (dict) --

      A structure containing information about the authentication methods used in the workspace.

      • awsSso (dict) --

        A structure containing information about how this workspace works with Amazon Web Services SSO.

        • ssoClientId (string) --

          The ID of the Amazon Web Services SSO-managed application that is created by Amazon Managed Grafana.

      • providers (list) --

        Specifies whether this workspace uses Amazon Web Services SSO, SAML, or both methods to authenticate users to use the Grafana console in the Amazon Managed Grafana workspace.

        • (string) --
      • saml (dict) --

        A structure containing information about how this workspace works with SAML, including what attributes within the assertion are to be mapped to user information in the workspace.

        • configuration (dict) --

          A structure containing details about how this workspace works with SAML.

          • allowedOrganizations (list) --

            Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute have access.

            • (string) --
          • assertionAttributes (dict) --

            A structure that defines which attributes in the SAML assertion are to be used to define information about the users authenticated by that IdP to use the workspace.

            • email (string) --

              The name of the attribute within the SAML assertion to use as the email names for SAML users.

            • groups (string) --

              The name of the attribute within the SAML assertion to use as the user full "friendly" names for user groups.

            • login (string) --

              The name of the attribute within the SAML assertion to use as the login names for SAML users.

            • name (string) --

              The name of the attribute within the SAML assertion to use as the user full "friendly" names for SAML users.

            • org (string) --

              The name of the attribute within the SAML assertion to use as the user full "friendly" names for the users' organizations.

            • role (string) --

              The name of the attribute within the SAML assertion to use as the user roles.

          • idpMetadata (dict) --

            A structure containing the identity provider (IdP) metadata used to integrate the identity provider with this workspace.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: url, xml. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
            
            • url (string) --

              The URL of the location containing the metadata.

            • xml (string) --

              The actual full metadata file, in XML format.

          • loginValidityDuration (integer) --

            How long a sign-on session by a SAML user is valid, before the user has to sign on again.

          • roleValues (dict) --

            A structure containing arrays that map group names in the SAML assertion to the Grafana Admin and Editor roles in the workspace.

            • admin (list) --

              A list of groups from the SAML assertion attribute to grant the Grafana Admin role to.

              • (string) --
            • editor (list) --

              A list of groups from the SAML assertion attribute to grant the Grafana Editor role to.

              • (string) --
        • status (string) --

          Specifies whether the workspace's SAML configuration is complete.

Exceptions

disassociate_license(**kwargs)

Removes the Grafana Enterprise license from a workspace.

See also: AWS API Documentation

Request Syntax

response = client.disassociate_license(
    licenseType='ENTERPRISE'|'ENTERPRISE_FREE_TRIAL',
    workspaceId='string'
)
Parameters
  • licenseType (string) --

    [REQUIRED]

    The type of license to remove from the workspace.

  • workspaceId (string) --

    [REQUIRED]

    The ID of the workspace to remove the Grafana Enterprise license from.

Return type

dict

Returns

Response Syntax

{
    'workspace': {
        'accountAccessType': 'CURRENT_ACCOUNT'|'ORGANIZATION',
        'authentication': {
            'providers': [
                'AWS_SSO'|'SAML',
            ],
            'samlConfigurationStatus': 'CONFIGURED'|'NOT_CONFIGURED'
        },
        'created': datetime(2015, 1, 1),
        'dataSources': [
            'AMAZON_OPENSEARCH_SERVICE'|'CLOUDWATCH'|'PROMETHEUS'|'XRAY'|'TIMESTREAM'|'SITEWISE',
        ],
        'description': 'string',
        'endpoint': 'string',
        'freeTrialConsumed': True|False,
        'freeTrialExpiration': datetime(2015, 1, 1),
        'grafanaVersion': 'string',
        'id': 'string',
        'licenseExpiration': datetime(2015, 1, 1),
        'licenseType': 'ENTERPRISE'|'ENTERPRISE_FREE_TRIAL',
        'modified': datetime(2015, 1, 1),
        'name': 'string',
        'notificationDestinations': [
            'SNS',
        ],
        'organizationRoleName': 'string',
        'organizationalUnits': [
            'string',
        ],
        'permissionType': 'CUSTOMER_MANAGED'|'SERVICE_MANAGED',
        'stackSetName': 'string',
        'status': 'ACTIVE'|'CREATING'|'DELETING'|'FAILED'|'UPDATING'|'UPGRADING'|'DELETION_FAILED'|'CREATION_FAILED'|'UPDATE_FAILED'|'UPGRADE_FAILED'|'LICENSE_REMOVAL_FAILED',
        'workspaceRoleArn': 'string'
    }
}

Response Structure

  • (dict) --

    • workspace (dict) --

      A structure containing information about the workspace.

      • accountAccessType (string) --

        Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If this is ORGANIZATION , the workspaceOrganizationalUnits parameter specifies which organizational units the workspace can access.

      • authentication (dict) --

        A structure that describes whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

        • providers (list) --

          Specifies whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

          • (string) --
        • samlConfigurationStatus (string) --

          Specifies whether the workplace's user authentication method is fully configured.

      • created (datetime) --

        The date that the workspace was created.

      • dataSources (list) --

        Specifies the Amazon Web Services data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.

        • (string) --
      • description (string) --

        The user-defined description of the workspace.

      • endpoint (string) --

        The URL that users can use to access the Grafana console in the workspace.

      • freeTrialConsumed (boolean) --

        Specifies whether this workspace has already fully used its free trial for Grafana Enterprise.

      • freeTrialExpiration (datetime) --

        If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies when that free trial ends.

      • grafanaVersion (string) --

        The version of Grafana supported in this workspace.

      • id (string) --

        The unique ID of this workspace.

      • licenseExpiration (datetime) --

        If this workspace has a full Grafana Enterprise license, this specifies when the license ends and will need to be renewed.

      • licenseType (string) --

        Specifies whether this workspace has a full Grafana Enterprise license or a free trial license.

      • modified (datetime) --

        The most recent date that the workspace was modified.

      • name (string) --

        The name of the workspace.

      • notificationDestinations (list) --

        The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels.

        • (string) --
      • organizationRoleName (string) --

        The name of the IAM role that is used to access resources through Organizations.

      • organizationalUnits (list) --

        Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

        • (string) --
      • permissionType (string) --

        If this is Service Managed , Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.

        If this is CUSTOMER_MANAGED , you manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED .

        For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels

      • stackSetName (string) --

        The name of the CloudFormation stack set that is used to generate IAM roles to be used for this workspace.

      • status (string) --

        The current status of the workspace.

      • workspaceRoleArn (string) --

        The IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. This role must already exist.

Exceptions

get_paginator(operation_name)

Create a paginator for an operation.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Raises OperationNotPageableError
Raised if the operation is not pageable. You can use the client.can_paginate method to check if an operation is pageable.
Return type
L{botocore.paginate.Paginator}
Returns
A paginator object.
get_waiter(waiter_name)

Returns an object that can wait for some condition.

Parameters
waiter_name (str) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters.
Returns
The specified waiter object.
Return type
botocore.waiter.Waiter
list_permissions(**kwargs)

Lists the users and groups who have the Grafana Admin and Editor roles in this workspace. If you use this operation without specifying userId or groupId , the operation returns the roles of all users and groups. If you specify a userId or a groupId , only the roles for that user or group are returned. If you do this, you can specify only one userId or one groupId .

See also: AWS API Documentation

Request Syntax

response = client.list_permissions(
    groupId='string',
    maxResults=123,
    nextToken='string',
    userId='string',
    userType='SSO_USER'|'SSO_GROUP',
    workspaceId='string'
)
Parameters
  • groupId (string) -- (Optional) Limits the results to only the group that matches this ID.
  • maxResults (integer) -- The maximum number of results to include in the response.
  • nextToken (string) -- The token to use when requesting the next set of results. You received this token from a previous ListPermissions operation.
  • userId (string) -- (Optional) Limits the results to only the user that matches this ID.
  • userType (string) -- (Optional) If you specify SSO_USER , then only the permissions of Amazon Web Services SSO users are returned. If you specify SSO_GROUP , only the permissions of Amazon Web Services SSO groups are returned.
  • workspaceId (string) --

    [REQUIRED]

    The ID of the workspace to list permissions for. This parameter is required.

Return type

dict

Returns

Response Syntax

{
    'nextToken': 'string',
    'permissions': [
        {
            'role': 'ADMIN'|'EDITOR',
            'user': {
                'id': 'string',
                'type': 'SSO_USER'|'SSO_GROUP'
            }
        },
    ]
}

Response Structure

  • (dict) --

    • nextToken (string) --

      The token to use in a subsequent ListPermissions operation to return the next set of results.

    • permissions (list) --

      The permissions returned by the operation.

      • (dict) --

        A structure containing the identity of one user or group and the Admin or Editor role that they have.

        • role (string) --

          Specifies whether the user or group has the Admin or Editor role.

        • user (dict) --

          A structure with the ID of the user or group with this role.

          • id (string) --

            The ID of the user or group.

          • type (string) --

            Specifies whether this is a single user or a group.

Exceptions

list_workspaces(**kwargs)

Returns a list of Amazon Managed Grafana workspaces in the account, with some information about each workspace. For more complete information about one workspace, use DescribeWorkspace .

See also: AWS API Documentation

Request Syntax

response = client.list_workspaces(
    maxResults=123,
    nextToken='string'
)
Parameters
  • maxResults (integer) -- The maximum number of workspaces to include in the results.
  • nextToken (string) -- The token for the next set of workspaces to return. (You receive this token from a previous ListWorkspaces operation.)
Return type

dict

Returns

Response Syntax

{
    'nextToken': 'string',
    'workspaces': [
        {
            'authentication': {
                'providers': [
                    'AWS_SSO'|'SAML',
                ],
                'samlConfigurationStatus': 'CONFIGURED'|'NOT_CONFIGURED'
            },
            'created': datetime(2015, 1, 1),
            'description': 'string',
            'endpoint': 'string',
            'grafanaVersion': 'string',
            'id': 'string',
            'modified': datetime(2015, 1, 1),
            'name': 'string',
            'notificationDestinations': [
                'SNS',
            ],
            'status': 'ACTIVE'|'CREATING'|'DELETING'|'FAILED'|'UPDATING'|'UPGRADING'|'DELETION_FAILED'|'CREATION_FAILED'|'UPDATE_FAILED'|'UPGRADE_FAILED'|'LICENSE_REMOVAL_FAILED'
        },
    ]
}

Response Structure

  • (dict) --

    • nextToken (string) --

      The token to use when requesting the next set of workspaces.

    • workspaces (list) --

      An array of structures that contain some information about the workspaces in the account.

      • (dict) --

        A structure that contains some information about one workspace in the account.

        • authentication (dict) --

          A structure containing information about the authentication methods used in the workspace.

          • providers (list) --

            Specifies whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

            • (string) --
          • samlConfigurationStatus (string) --

            Specifies whether the workplace's user authentication method is fully configured.

        • created (datetime) --

          The date that the workspace was created.

        • description (string) --

          The customer-entered description of the workspace.

        • endpoint (string) --

          The URL endpoint to use to access the Grafana console in the workspace.

        • grafanaVersion (string) --

          The Grafana version that the workspace is running.

        • id (string) --

          The unique ID of the workspace.

        • modified (datetime) --

          The most recent date that the workspace was modified.

        • name (string) --

          The name of the workspace.

        • notificationDestinations (list) --

          The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, which allows Amazon Managed Grafana to use these channels.

          • (string) --
        • status (string) --

          The current status of the workspace.

Exceptions

update_permissions(**kwargs)

Updates which users in a workspace have the Grafana Admin or Editor roles.

See also: AWS API Documentation

Request Syntax

response = client.update_permissions(
    updateInstructionBatch=[
        {
            'action': 'ADD'|'REVOKE',
            'role': 'ADMIN'|'EDITOR',
            'users': [
                {
                    'id': 'string',
                    'type': 'SSO_USER'|'SSO_GROUP'
                },
            ]
        },
    ],
    workspaceId='string'
)
Parameters
  • updateInstructionBatch (list) --

    [REQUIRED]

    An array of structures that contain the permission updates to make.

    • (dict) --

      Contains the instructions for one Grafana role permission update in a UpdatePermissions operation.

      • action (string) -- [REQUIRED]

        Specifies whether this update is to add or revoke role permissions.

      • role (string) -- [REQUIRED]

        The role to add or revoke for the user or the group specified in users .

      • users (list) -- [REQUIRED]

        A structure that specifies the user or group to add or revoke the role for.

        • (dict) --

          A structure that specifies one user or group in the workspace.

          • id (string) -- [REQUIRED]

            The ID of the user or group.

          • type (string) -- [REQUIRED]

            Specifies whether this is a single user or a group.

  • workspaceId (string) --

    [REQUIRED]

    The ID of the workspace to update.

Return type

dict

Returns

Response Syntax

{
    'errors': [
        {
            'causedBy': {
                'action': 'ADD'|'REVOKE',
                'role': 'ADMIN'|'EDITOR',
                'users': [
                    {
                        'id': 'string',
                        'type': 'SSO_USER'|'SSO_GROUP'
                    },
                ]
            },
            'code': 123,
            'message': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • errors (list) --

      An array of structures that contain the errors from the operation, if any.

      • (dict) --

        A structure containing information about one error encountered while performing an UpdatePermissions operation.

        • causedBy (dict) --

          Specifies which permission update caused the error.

          • action (string) --

            Specifies whether this update is to add or revoke role permissions.

          • role (string) --

            The role to add or revoke for the user or the group specified in users .

          • users (list) --

            A structure that specifies the user or group to add or revoke the role for.

            • (dict) --

              A structure that specifies one user or group in the workspace.

              • id (string) --

                The ID of the user or group.

              • type (string) --

                Specifies whether this is a single user or a group.

        • code (integer) --

          The error code.

        • message (string) --

          The message for this error.

Exceptions

update_workspace(**kwargs)

Modifies an existing Amazon Managed Grafana workspace. If you use this operation and omit any optional parameters, the existing values of those parameters are not changed.

To modify the user authentication methods that the workspace uses, such as SAML or Amazon Web Services SSO, use UpdateWorkspaceAuthentication .

To modify which users in the workspace have the Admin and Editor Grafana roles, use UpdatePermissions .

See also: AWS API Documentation

Request Syntax

response = client.update_workspace(
    accountAccessType='CURRENT_ACCOUNT'|'ORGANIZATION',
    organizationRoleName='string',
    permissionType='CUSTOMER_MANAGED'|'SERVICE_MANAGED',
    stackSetName='string',
    workspaceDataSources=[
        'AMAZON_OPENSEARCH_SERVICE'|'CLOUDWATCH'|'PROMETHEUS'|'XRAY'|'TIMESTREAM'|'SITEWISE',
    ],
    workspaceDescription='string',
    workspaceId='string',
    workspaceName='string',
    workspaceNotificationDestinations=[
        'SNS',
    ],
    workspaceOrganizationalUnits=[
        'string',
    ],
    workspaceRoleArn='string'
)
Parameters
  • accountAccessType (string) -- Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If you specify ORGANIZATION , you must specify which organizational units the workspace can access in the workspaceOrganizationalUnits parameter.
  • organizationRoleName (string) -- The name of an IAM role that already exists to use to access resources through Organizations.
  • permissionType (string) --

    If you specify Service Managed , Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.

    If you specify CUSTOMER_MANAGED , you will manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED .

    For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels

  • stackSetName (string) -- The name of the CloudFormation stack set to use to generate IAM roles to be used for this workspace.
  • workspaceDataSources (list) --

    Specify the Amazon Web Services data sources that you want to be queried in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these sources. You must still add them as data sources in the Grafana console in the workspace.

    If you don't specify a data source here, you can still add it as a data source later in the workspace console. However, you will then have to manually configure permissions for it.

    • (string) --
  • workspaceDescription (string) -- A description for the workspace. This is used only to help you identify this workspace.
  • workspaceId (string) --

    [REQUIRED]

    The ID of the workspace to update.

  • workspaceName (string) -- A new name for the workspace to update.
  • workspaceNotificationDestinations (list) --

    Specify the Amazon Web Services notification channels that you plan to use in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to use these channels.

    • (string) --
  • workspaceOrganizationalUnits (list) --

    Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

    • (string) --
  • workspaceRoleArn (string) -- The workspace needs an IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. If you already have a role that you want to use, specify it here. If you omit this field and you specify some Amazon Web Services resources in workspaceDataSources or workspaceNotificationDestinations , a new IAM role with the necessary permissions is automatically created.
Return type

dict

Returns

Response Syntax

{
    'workspace': {
        'accountAccessType': 'CURRENT_ACCOUNT'|'ORGANIZATION',
        'authentication': {
            'providers': [
                'AWS_SSO'|'SAML',
            ],
            'samlConfigurationStatus': 'CONFIGURED'|'NOT_CONFIGURED'
        },
        'created': datetime(2015, 1, 1),
        'dataSources': [
            'AMAZON_OPENSEARCH_SERVICE'|'CLOUDWATCH'|'PROMETHEUS'|'XRAY'|'TIMESTREAM'|'SITEWISE',
        ],
        'description': 'string',
        'endpoint': 'string',
        'freeTrialConsumed': True|False,
        'freeTrialExpiration': datetime(2015, 1, 1),
        'grafanaVersion': 'string',
        'id': 'string',
        'licenseExpiration': datetime(2015, 1, 1),
        'licenseType': 'ENTERPRISE'|'ENTERPRISE_FREE_TRIAL',
        'modified': datetime(2015, 1, 1),
        'name': 'string',
        'notificationDestinations': [
            'SNS',
        ],
        'organizationRoleName': 'string',
        'organizationalUnits': [
            'string',
        ],
        'permissionType': 'CUSTOMER_MANAGED'|'SERVICE_MANAGED',
        'stackSetName': 'string',
        'status': 'ACTIVE'|'CREATING'|'DELETING'|'FAILED'|'UPDATING'|'UPGRADING'|'DELETION_FAILED'|'CREATION_FAILED'|'UPDATE_FAILED'|'UPGRADE_FAILED'|'LICENSE_REMOVAL_FAILED',
        'workspaceRoleArn': 'string'
    }
}

Response Structure

  • (dict) --

    • workspace (dict) --

      A structure containing data about the workspace that was created.

      • accountAccessType (string) --

        Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If this is ORGANIZATION , the workspaceOrganizationalUnits parameter specifies which organizational units the workspace can access.

      • authentication (dict) --

        A structure that describes whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

        • providers (list) --

          Specifies whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

          • (string) --
        • samlConfigurationStatus (string) --

          Specifies whether the workplace's user authentication method is fully configured.

      • created (datetime) --

        The date that the workspace was created.

      • dataSources (list) --

        Specifies the Amazon Web Services data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.

        • (string) --
      • description (string) --

        The user-defined description of the workspace.

      • endpoint (string) --

        The URL that users can use to access the Grafana console in the workspace.

      • freeTrialConsumed (boolean) --

        Specifies whether this workspace has already fully used its free trial for Grafana Enterprise.

      • freeTrialExpiration (datetime) --

        If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies when that free trial ends.

      • grafanaVersion (string) --

        The version of Grafana supported in this workspace.

      • id (string) --

        The unique ID of this workspace.

      • licenseExpiration (datetime) --

        If this workspace has a full Grafana Enterprise license, this specifies when the license ends and will need to be renewed.

      • licenseType (string) --

        Specifies whether this workspace has a full Grafana Enterprise license or a free trial license.

      • modified (datetime) --

        The most recent date that the workspace was modified.

      • name (string) --

        The name of the workspace.

      • notificationDestinations (list) --

        The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels.

        • (string) --
      • organizationRoleName (string) --

        The name of the IAM role that is used to access resources through Organizations.

      • organizationalUnits (list) --

        Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

        • (string) --
      • permissionType (string) --

        If this is Service Managed , Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.

        If this is CUSTOMER_MANAGED , you manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED .

        For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels

      • stackSetName (string) --

        The name of the CloudFormation stack set that is used to generate IAM roles to be used for this workspace.

      • status (string) --

        The current status of the workspace.

      • workspaceRoleArn (string) --

        The IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. This role must already exist.

Exceptions

update_workspace_authentication(**kwargs)

Use this operation to define the identity provider (IdP) that this workspace authenticates users from, using SAML. You can also map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.

See also: AWS API Documentation

Request Syntax

response = client.update_workspace_authentication(
    authenticationProviders=[
        'AWS_SSO'|'SAML',
    ],
    samlConfiguration={
        'allowedOrganizations': [
            'string',
        ],
        'assertionAttributes': {
            'email': 'string',
            'groups': 'string',
            'login': 'string',
            'name': 'string',
            'org': 'string',
            'role': 'string'
        },
        'idpMetadata': {
            'url': 'string',
            'xml': 'string'
        },
        'loginValidityDuration': 123,
        'roleValues': {
            'admin': [
                'string',
            ],
            'editor': [
                'string',
            ]
        }
    },
    workspaceId='string'
)
Parameters
  • authenticationProviders (list) --

    [REQUIRED]

    Specifies whether this workspace uses SAML 2.0, Amazon Web Services Single Sign On, or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana .

    • (string) --
  • samlConfiguration (dict) --

    If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.

    • allowedOrganizations (list) --

      Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute have access.

      • (string) --
    • assertionAttributes (dict) --

      A structure that defines which attributes in the SAML assertion are to be used to define information about the users authenticated by that IdP to use the workspace.

      • email (string) --

        The name of the attribute within the SAML assertion to use as the email names for SAML users.

      • groups (string) --

        The name of the attribute within the SAML assertion to use as the user full "friendly" names for user groups.

      • login (string) --

        The name of the attribute within the SAML assertion to use as the login names for SAML users.

      • name (string) --

        The name of the attribute within the SAML assertion to use as the user full "friendly" names for SAML users.

      • org (string) --

        The name of the attribute within the SAML assertion to use as the user full "friendly" names for the users' organizations.

      • role (string) --

        The name of the attribute within the SAML assertion to use as the user roles.

    • idpMetadata (dict) -- [REQUIRED]

      A structure containing the identity provider (IdP) metadata used to integrate the identity provider with this workspace.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: url, xml.

      • url (string) --

        The URL of the location containing the metadata.

      • xml (string) --

        The actual full metadata file, in XML format.

    • loginValidityDuration (integer) --

      How long a sign-on session by a SAML user is valid, before the user has to sign on again.

    • roleValues (dict) --

      A structure containing arrays that map group names in the SAML assertion to the Grafana Admin and Editor roles in the workspace.

      • admin (list) --

        A list of groups from the SAML assertion attribute to grant the Grafana Admin role to.

        • (string) --
      • editor (list) --

        A list of groups from the SAML assertion attribute to grant the Grafana Editor role to.

        • (string) --
  • workspaceId (string) --

    [REQUIRED]

    The ID of the workspace to update the authentication for.

Return type

dict

Returns

Response Syntax

{
    'authentication': {
        'awsSso': {
            'ssoClientId': 'string'
        },
        'providers': [
            'AWS_SSO'|'SAML',
        ],
        'saml': {
            'configuration': {
                'allowedOrganizations': [
                    'string',
                ],
                'assertionAttributes': {
                    'email': 'string',
                    'groups': 'string',
                    'login': 'string',
                    'name': 'string',
                    'org': 'string',
                    'role': 'string'
                },
                'idpMetadata': {
                    'url': 'string',
                    'xml': 'string'
                },
                'loginValidityDuration': 123,
                'roleValues': {
                    'admin': [
                        'string',
                    ],
                    'editor': [
                        'string',
                    ]
                }
            },
            'status': 'CONFIGURED'|'NOT_CONFIGURED'
        }
    }
}

Response Structure

  • (dict) --

    • authentication (dict) --

      A structure that describes the user authentication for this workspace after the update is made.

      • awsSso (dict) --

        A structure containing information about how this workspace works with Amazon Web Services SSO.

        • ssoClientId (string) --

          The ID of the Amazon Web Services SSO-managed application that is created by Amazon Managed Grafana.

      • providers (list) --

        Specifies whether this workspace uses Amazon Web Services SSO, SAML, or both methods to authenticate users to use the Grafana console in the Amazon Managed Grafana workspace.

        • (string) --
      • saml (dict) --

        A structure containing information about how this workspace works with SAML, including what attributes within the assertion are to be mapped to user information in the workspace.

        • configuration (dict) --

          A structure containing details about how this workspace works with SAML.

          • allowedOrganizations (list) --

            Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute have access.

            • (string) --
          • assertionAttributes (dict) --

            A structure that defines which attributes in the SAML assertion are to be used to define information about the users authenticated by that IdP to use the workspace.

            • email (string) --

              The name of the attribute within the SAML assertion to use as the email names for SAML users.

            • groups (string) --

              The name of the attribute within the SAML assertion to use as the user full "friendly" names for user groups.

            • login (string) --

              The name of the attribute within the SAML assertion to use as the login names for SAML users.

            • name (string) --

              The name of the attribute within the SAML assertion to use as the user full "friendly" names for SAML users.

            • org (string) --

              The name of the attribute within the SAML assertion to use as the user full "friendly" names for the users' organizations.

            • role (string) --

              The name of the attribute within the SAML assertion to use as the user roles.

          • idpMetadata (dict) --

            A structure containing the identity provider (IdP) metadata used to integrate the identity provider with this workspace.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: url, xml. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
            
            • url (string) --

              The URL of the location containing the metadata.

            • xml (string) --

              The actual full metadata file, in XML format.

          • loginValidityDuration (integer) --

            How long a sign-on session by a SAML user is valid, before the user has to sign on again.

          • roleValues (dict) --

            A structure containing arrays that map group names in the SAML assertion to the Grafana Admin and Editor roles in the workspace.

            • admin (list) --

              A list of groups from the SAML assertion attribute to grant the Grafana Admin role to.

              • (string) --
            • editor (list) --

              A list of groups from the SAML assertion attribute to grant the Grafana Editor role to.

              • (string) --
        • status (string) --

          Specifies whether the workspace's SAML configuration is complete.

Exceptions

Client Exceptions

Client exceptions are available on a client instance via the exceptions property. For more detailed instructions and examples on the exact usage of client exceptions, see the error handling user guide.

The available client exceptions are:

class ManagedGrafana.Client.exceptions.AccessDeniedException

You do not have sufficient permissions to perform this action.

Example

try:
  ...
except client.exceptions.AccessDeniedException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'message': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    You do not have sufficient permissions to perform this action.

    • message (string) --
    • Error (dict) -- Normalized access to common exception attributes.
      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class ManagedGrafana.Client.exceptions.ConflictException

A resource was in an inconsistent state during an update or a deletion.

Example

try:
  ...
except client.exceptions.ConflictException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'message': 'string',
    'resourceId': 'string',
    'resourceType': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    A resource was in an inconsistent state during an update or a deletion.

    • message (string) --

      A description of the error.

    • resourceId (string) --

      The ID of the resource that is associated with the error.

    • resourceType (string) --

      The type of the resource that is associated with the error.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class ManagedGrafana.Client.exceptions.InternalServerException

Unexpected error while processing the request. Retry the request.

Example

try:
  ...
except client.exceptions.InternalServerException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'message': 'string',
    'retryAfterSeconds': 123,
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    Unexpected error while processing the request. Retry the request.

    • message (string) --

      A description of the error.

    • retryAfterSeconds (integer) --

      How long to wait before you retry this operation.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class ManagedGrafana.Client.exceptions.ResourceNotFoundException

The request references a resource that does not exist.

Example

try:
  ...
except client.exceptions.ResourceNotFoundException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'message': 'string',
    'resourceId': 'string',
    'resourceType': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    The request references a resource that does not exist.

    • message (string) --

      The value of a parameter in the request caused an error.

    • resourceId (string) --

      The ID of the resource that is associated with the error.

    • resourceType (string) --

      The type of the resource that is associated with the error.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class ManagedGrafana.Client.exceptions.ServiceQuotaExceededException

The request would cause a service quota to be exceeded.

Example

try:
  ...
except client.exceptions.ServiceQuotaExceededException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'message': 'string',
    'quotaCode': 'string',
    'resourceId': 'string',
    'resourceType': 'string',
    'serviceCode': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    The request would cause a service quota to be exceeded.

    • message (string) --

      A description of the error.

    • quotaCode (string) --

      The ID of the service quota that was exceeded.

    • resourceId (string) --

      The ID of the resource that is associated with the error.

    • resourceType (string) --

      The type of the resource that is associated with the error.

    • serviceCode (string) --

      The value of a parameter in the request caused an error.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class ManagedGrafana.Client.exceptions.ThrottlingException

The request was denied because of request throttling. Retry the request.

Example

try:
  ...
except client.exceptions.ThrottlingException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'message': 'string',
    'quotaCode': 'string',
    'retryAfterSeconds': 123,
    'serviceCode': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    The request was denied because of request throttling. Retry the request.

    • message (string) --

      A description of the error.

    • quotaCode (string) --

      The ID of the service quota that was exceeded.

    • retryAfterSeconds (integer) --

      The value of a parameter in the request caused an error.

    • serviceCode (string) --

      The ID of the service that is associated with the error.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class ManagedGrafana.Client.exceptions.ValidationException

The value of a parameter in the request caused an error.

Example

try:
  ...
except client.exceptions.ValidationException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'fieldList': [
        {
            'message': 'string',
            'name': 'string'
        },
    ],
    'message': 'string',
    'reason': 'UNKNOWN_OPERATION'|'CANNOT_PARSE'|'FIELD_VALIDATION_FAILED'|'OTHER',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    The value of a parameter in the request caused an error.

    • fieldList (list) --

      A list of fields that might be associated with the error.

      • (dict) --

        A structure that contains information about a request parameter that caused an error.

        • message (string) --

          A message describing why this field couldn't be validated.

        • name (string) --

          The name of the field that caused the validation error.

    • message (string) --

      A description of the error.

    • reason (string) --

      The reason that the operation failed.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.

Paginators

The available paginators are:

class ManagedGrafana.Paginator.ListPermissions
paginator = client.get_paginator('list_permissions')
paginate(**kwargs)

Creates an iterator that will paginate through responses from ManagedGrafana.Client.list_permissions().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    groupId='string',
    userId='string',
    userType='SSO_USER'|'SSO_GROUP',
    workspaceId='string',
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • groupId (string) -- (Optional) Limits the results to only the group that matches this ID.
  • userId (string) -- (Optional) Limits the results to only the user that matches this ID.
  • userType (string) -- (Optional) If you specify SSO_USER , then only the permissions of Amazon Web Services SSO users are returned. If you specify SSO_GROUP , only the permissions of Amazon Web Services SSO groups are returned.
  • workspaceId (string) --

    [REQUIRED]

    The ID of the workspace to list permissions for. This parameter is required.

  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'permissions': [
        {
            'role': 'ADMIN'|'EDITOR',
            'user': {
                'id': 'string',
                'type': 'SSO_USER'|'SSO_GROUP'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • permissions (list) --

      The permissions returned by the operation.

      • (dict) --

        A structure containing the identity of one user or group and the Admin or Editor role that they have.

        • role (string) --

          Specifies whether the user or group has the Admin or Editor role.

        • user (dict) --

          A structure with the ID of the user or group with this role.

          • id (string) --

            The ID of the user or group.

          • type (string) --

            Specifies whether this is a single user or a group.

    • NextToken (string) --

      A token to resume pagination.

class ManagedGrafana.Paginator.ListWorkspaces
paginator = client.get_paginator('list_workspaces')
paginate(**kwargs)

Creates an iterator that will paginate through responses from ManagedGrafana.Client.list_workspaces().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
PaginationConfig (dict) --

A dictionary that provides parameters to control pagination.

  • MaxItems (integer) --

    The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

  • PageSize (integer) --

    The size of each page.

  • StartingToken (string) --

    A token to specify where to start paginating. This is the NextToken from a previous response.

Return type
dict
Returns
Response Syntax
{
    'workspaces': [
        {
            'authentication': {
                'providers': [
                    'AWS_SSO'|'SAML',
                ],
                'samlConfigurationStatus': 'CONFIGURED'|'NOT_CONFIGURED'
            },
            'created': datetime(2015, 1, 1),
            'description': 'string',
            'endpoint': 'string',
            'grafanaVersion': 'string',
            'id': 'string',
            'modified': datetime(2015, 1, 1),
            'name': 'string',
            'notificationDestinations': [
                'SNS',
            ],
            'status': 'ACTIVE'|'CREATING'|'DELETING'|'FAILED'|'UPDATING'|'UPGRADING'|'DELETION_FAILED'|'CREATION_FAILED'|'UPDATE_FAILED'|'UPGRADE_FAILED'|'LICENSE_REMOVAL_FAILED'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --
    • workspaces (list) --

      An array of structures that contain some information about the workspaces in the account.

      • (dict) --

        A structure that contains some information about one workspace in the account.

        • authentication (dict) --

          A structure containing information about the authentication methods used in the workspace.

          • providers (list) --

            Specifies whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user authentication.

            • (string) --
          • samlConfigurationStatus (string) --

            Specifies whether the workplace's user authentication method is fully configured.

        • created (datetime) --

          The date that the workspace was created.

        • description (string) --

          The customer-entered description of the workspace.

        • endpoint (string) --

          The URL endpoint to use to access the Grafana console in the workspace.

        • grafanaVersion (string) --

          The Grafana version that the workspace is running.

        • id (string) --

          The unique ID of the workspace.

        • modified (datetime) --

          The most recent date that the workspace was modified.

        • name (string) --

          The name of the workspace.

        • notificationDestinations (list) --

          The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, which allows Amazon Managed Grafana to use these channels.

          • (string) --
        • status (string) --

          The current status of the workspace.

    • NextToken (string) --

      A token to resume pagination.